Add to Favorites

Google Gmail/Calendar Security Flaw

I recently had some problems with the Google Calendar - and wanted users to be aware. This is what I sent to google to warn them of the security issue:

"I have been using google calendar with the login "" and my password.

I recently had a need to create a gmail account because my personal email was not functioning.

I created the gmail account with the username "newusername".

It asked me to associate a personal email and so I entered ""

Shortly thereafter I realized I couldn't get into my google calendar.

I repeatedly tried to login when I realized that by creating a gmail account and associating that email - it changed my google calendar username and gave my gmail account access to the calendar.

I consider this a security flaw, as anyone could have created a new gmail account, associated it with my email, and would have instantly had access to my google calendar.
Luckily - the individual creating the gmail account was me - so I figured out what happened. In addition, had it not been me, I would still be wondering why I couldn't access my calendar.

I hope this is valuable as other's may not be so lucky. For example, I could great new gmail accounts and guess emails to associate them with and get into other peoples google calendars, while at the same time changing their username.


Be the first to leave a comment on this post.

Leave a comment

To leave a comment, please log in / sign up